zabbix: Grant zabbix_agent_t to call setrlimit on self

Zabbix Agent wants to disable core dumps on its process or it refuses to start. See zabbix bug ZBX-10542
author: Guido Trentalancia <guido@trentalancia.net> 2017-05-25 12:53:07 +0200
committer: Jason Zaman <jason@perfinion.com> 2017-06-06 01:16:18 +0800
commit: 16ad490b87e5629bafc5251261fc294340096fe9 (patch)
tree: 6933db6889aca7a36d9397e78b901d7c47a1b961
parent: dbus: let session bus daemon manage user runtime dirs (diff)
download: hardened-refpolicy-16ad490b.tar.gz
hardened-refpolicy-16ad490b.tar.bz2
hardened-refpolicy-16ad490b.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/policy/modules/contrib/zabbix.te b/policy/modules/contrib/zabbix.te
index 3f45497a..5d57a2af 100644
--- a/policy/modules/contrib/zabbix.te
+++ b/policy/modules/contrib/zabbix.te
@@ -1,4 +1,4 @@
-policy_module(zabbix, 1.10.1)
+policy_module(zabbix, 1.10.2)
 
 ########################################
 #
@@ -133,7 +133,7 @@ optional_policy(`
 #
 
 allow zabbix_agent_t self:capability { setgid setuid };
-allow zabbix_agent_t self:process { setsched getsched signal };
+allow zabbix_agent_t self:process { setsched getsched signal setrlimit };
 allow zabbix_agent_t self:fifo_file rw_fifo_file_perms;
 allow zabbix_agent_t self:sem create_sem_perms;
 allow zabbix_agent_t self:shm create_shm_perms;
author	Guido Trentalancia <guido@trentalancia.net>	2017-05-25 12:53:07 +0200
committer	Jason Zaman <jason@perfinion.com>	2017-06-06 01:16:18 +0800
commit	16ad490b87e5629bafc5251261fc294340096fe9 (patch)
tree	6933db6889aca7a36d9397e78b901d7c47a1b961
parent	dbus: let session bus daemon manage user runtime dirs (diff)
download	hardened-refpolicy-16ad490b.tar.gz hardened-refpolicy-16ad490b.tar.bz2 hardened-refpolicy-16ad490b.zip